

WHAT IS CLAIMED IS:

1        1. An encrypted network system, comprising:  
2                  a network to transmit an encrypted packet; and  
3                  a computer to receive said encrypted packet from said network, and to  
4                  perform a decryption operation thereupon to convert said encrypted packet to a  
5                  decrypted packet, said computer including:  
6                          a network interface to provide electronic communication between  
7                  said computer and said network,  
8                          a network driver to regulate said decryption operation,  
9                          a controller to perform said decryption operation,  
10                          a host memory to store data that is used or generated by said  
11                          decryption operation, and  
12                          a bus providing electronic communication among said network  
13                          interface, said network driver, said host memory and said controller, said  
14                          controller asserting an interrupt prior to a complete transfer of said  
15                          decrypted packet from said controller to said host memory.

1        2. The encrypted network system of claim 1, wherein at least one security  
2                  association (SA) is stored in said host memory.

1        3. The encrypted network system of claim 2, wherein said network driver parses said  
2                  encrypted packet, matches said encrypted packet with one of said at least one SA  
3                  and instructs said network interface to transfer said encrypted packet and said one  
4                  SA across said bus to said controller.

1       4. The encrypted network system of claim 1, wherein said network interface  
2           includes a cryptography accelerator.

1       5. The encrypted network system of claim 1, wherein said controller transfers said  
2           decrypted packet across said bus from said controller to said host memory.

1       6. The encrypted network system of claim 1, wherein said controller asserts an  
2           additional interrupt after completion of said decryption operation.

1       7. The encrypted network system of claim 1, wherein said network driver specifies  
2           an average latency value to said controller for use in said decryption operation.

2       8. A computing system for performing a decryption operation on an encrypted  
3           packet, comprising:  
4                 a network driver to regulate said decryption operation;  
5                 a controller to perform said decryption operation;  
6                 a host memory to store data that is used or generated by said decryption  
7                 operation; and  
8                 a bus providing electronic communication among said network driver, said  
9                 host memory and said controller, said decryption operation converting said  
10                encrypted packed into a decrypted packet, and said controller asserting an  
11                interrupt prior to a complete transfer of said decrypted packet from said controller  
                  to said host memory.

1       9. The computing system of claim 8, wherein said computer further includes a  
2                  network interface to provide electronic communication between said computer  
3                  and a network.

1       10. The computing system of claim 9, wherein at least one security association (SA)  
2                  is stored in said host memory.

1       11. The encrypted network system of claim 10, wherein said network driver parses  
2                  said encrypted packet, matches said encrypted packet with one of said at least one  
3                  SA and instructs said controller to transfer said encrypted packet and said one SA  
4                  across said bus to said controller.

1       12. The computing system of claim 8, wherein said network interface includes a  
2                  cryptography accelerator.

1       13. The computing system of claim 8, wherein said controller transfers said decrypted  
2                  packet across said bus from said controller to said host memory.

1       14. The computing system of claim 8, wherein said controller asserts an additional  
2                  interrupt after completion of said decryption operation.

1       15. The computing system of claim 8, wherein said network driver specifies an  
2                  average latency value to said controller for use in said decryption operation.

1       16. A method of decrypting an encrypted packet received by a computing system,  
2                  comprising:  
3                          receiving said encrypted packet from a network;

4                   converting said encrypted packet to a decrypted packet;  
5                   transferring said decrypted packet to a host memory; and  
6                   asserting an interrupt at a time before completing said transfer of said  
7                   decrypted packet to said host memory.

1                 17. The method of claim 16, wherein prior to converting said encrypted packet, said  
2                   method further includes:

3                   issuing a decryption command to a controller; and  
4                   determining a time for said assertion of said interrupt in response to said  
5                   decryption command.

1                 18. The method of claim 16, wherein said step of converting said encrypted packet to  
2                   said decrypted packet further includes:

3                   parsing said encrypted packet;  
4                   matching said encrypted packet with a corresponding security association  
5                   (SA) stored in said host memory; and  
6                   transferring said encrypted packet and said corresponding SA to a  
7                   controller.

1                 19. The method of claim 16, wherein said step of converting said encrypted packet to  
2                   said decrypted packet further includes authenticating said decrypted packet.

1                 20. The method of claim 16, further including asserting an additional interrupt upon  
2                   completion of said transfer of said decrypted packet to said host memory.

21. The method of claim 16, further including indicating said decrypted packet to a protocol stack after asserting said interrupt.
22. A program code storage device, comprising:
  - a machine-readable storage medium; and
  - machine-readable program code, stored on the machine-readable storage medium, the machine-readable program code having instructions to:
    - receive said encrypted packet from a network;
    - convert said encrypted packet to a decrypted packet;
    - transfer said decrypted packet to a host memory; and
    - assert an interrupt at a time before completing said transfer of said decrypted packet to said host memory.
23. The system of claim 22, wherein prior to the instructions to convert said encrypted packet, said system further includes instructions to:
  - issue a decryption command to a controller; and
  - determine a time for said assertion of said interrupt in response to said decryption command.
24. The system of claim 22, wherein said instructions to convert said encrypted packet to said decrypted packet further includes instructions to:
  - parse said encrypted packet;
  - match said encrypted packet with a corresponding security association (SA) stored in said host memory; and
  - transfer said encrypted packet and said corresponding SA to a controller.

1        25. The method of claim 22, wherein said instructions to convert said encrypted  
2              packet to said decrypted packet further includes instructions to authenticate said  
3              decrypted packet.

1        26. The system of claim 22, further including instructions to assert an additional  
2              interrupt upon completion of said transfer of said decrypted packet to said host  
3              memory.

1        27. The method of claim 22, further including instructions to indicate said decrypted  
2              packet to a protocol stack after the instruction to assert said interrupt